The File Data Factor in Ransomware Defense: 3 Best Practices | eWEEK | eWeek

The File Data Factor in Ransomware Defense: 3 Best Practices

The File Data Factor in Ransomware Defense: 3 Best Practices
Écrit par
eWEEK EDITORS
eWEEK EDITORS
Sep 8, 2021
4 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Aside from the pandemic, ransomware has become one of the gravest threats to the global economy.  It is no longer a matter of “if” an organization is going to be attacked but “when,” according to Gartner.

The research firm predicts that 75% of organizations will face one or more attacks by 2025. National Security Institute found the average ransomware payout was $200,000 in 2020, up from just $5,000 two years ago as ransomware gangs resort to more aggressive tactics to get what they want.

Large-scale attacks on enterprises—the latest being one against Accenture—are creating regular headlines. The U.S. is the largest region for such attacks, and ransomware accounted for 30% of all U.S.-based cyberattacks in 2020, more than double the rate globally.

Why is ransomware worse now?

The word among security experts is that the Covid-19 pandemic, with its resulting lockdowns and work-from-home mandates, created an enticing new opportunity for hackers.

Employees sometimes use insecure personal devices and networks, accessing desktops over the easily-compromised Remote Desktop Protocol (RDP) software and connected by VPNs which aren’t always configured or secured properly. This has led to a perfect storm of vulnerability at even the largest corporations with massive IT budgets and large teams in place. Ransomware attacks are also becoming more sophisticated.

Ransomware software is now attacking in multiple stages, from penetrating the network, to stealing credentials, to attacking the backup systems. Over this entire time period, which can take weeks to months, companies typically don’t know they are under attack until finally someone suddenly notices files becoming encrypted and unusable.

How does this affect data storage?

Ransomware players are attacking all IT infrastructure, not just servers and applications. In 2021, the network attached storage (NAS) appliance maker QNAP alerted its customers that eCh0raix ransomware was attacking its NAS devices, especially those with weak passwords, as reported in this ransomware paper by ESET.

This is a disastrous prospect, since data growth is exploding and 80% of the data in organizations is now unstructured file data sitting either in NAS storage or in the cloud.

The ransomware challenge of unstructured file data

Protecting file data is tricky because of its sheer volume, variety and fast pace of growth. IT organizations must create a layered strategy – meaning that in addition to keeping local backup copies, they must also keep an extra copy isolated in a different place such as the cloud that cannot be infected.

But now we’re talking major sticker shock. Many organizations have petabytes of file data and a petabyte can easily be a few billion files. Companies are already struggling to backup all this data. Adding another copy can give the CFO a serious migraine.

The good news is that it’s possible to create a cost-effective layered strategy. Here’s how:

Advertisement

1. Prioritize visibility and audits

Early detection of ransomware by monitoring activity and identifying threats and unusual activity across networks and infrastructure is a great goal. Analytics on data usage by unstructured data management tools can show suspicious activity on files, such as an abnormal amount of reads and writes.  While early detection is the ideal line of defense, it is not foolproof as ransomware attacks are constantly evolving. Storage managers should have analytics dashboards showing key metrics on all data usage across on-premises and cloud locations. Most (80%) of file data is typically cold and has not been used in a year or more. Knowing what data is hot and actively used, and what is not is key to creating a cost-efficient multi-layered defense.

2. Create a multi-layered data management defense

  • Snapshots and Backups for Hot Data. Snapshots and backups keep track of changes to data as they get updated. They are needed on hot, active data to protect from user or system failures.  But they can get attacked by ransomware, and if it is undetected for days, they may “protect” corrupted data.  Ransomware protection needs an additional copy of this data in storage that is immutable (meaning it cannot be rewritten), in a separate physical location such as the cloud.  This can all get expensive, which is why you want to use backups on hot, active data, which is typically 20% of the footprint.
  • Cloud Tiering and Immutable Storage for Cold Data. A mantra of modern data management is that all data should not be treated the same. It’s not a democracy. By tiering cold data off top-grade NAS to an object-lock storage in the cloud, you get an immutable copy of cold file data at a fraction of the cost. Ransomware software cannot rewrite it.  Moving cold data to object storage also reduces your backup footprint—which serves as another defense against ransomware while reducing backup license costs. Yes, you can also create a DR copy of data on tape, but recovery times will be significantly longer and physical backup solutions have become less appealing in the cloud age.
Advertisement

3. Have a plan – and validate it

With these components in place your team should have actionable plans in place to respond to attack scenarios. The time to realize if your plans can be executed is not when the hackers have succeeded and are chuckling behind their screens. Plans must be documented and tested to ensure data is protected with rapid restoration and alternative methods of data access so you can keep the business running without disruption—or large ransom payments.

Beyond Security Teams

The fight against ransomware is extending beyond the security team into all aspects of enterprise IT, including data storage. With unstructured data management, storage professionals can complement the efforts of their security colleagues by adopting a multilayered defense strategy that begins with real-time visibility across all storage, and incorporates snapshots, backups, and object-locked cloud storage. Your cybersecurity team will thank you.

As cybercriminals get more creative and aggressive, data management professionals will need to up their game with a more nuanced approach to the disaster recovery plan.

About the author:

Kumar Goswami is CEO and Co-Founder of  Komprise.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.